Lucene search
K

379 matches found

Patchstack
Patchstack
added 2025/06/17 11:0 a.m.8 views

WordPress YITH WooCommerce Wishlist plugin <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin YITH WooCommerce Wishlist versions = 4.5.0...

6.4CVSS5.5AI score0.00244EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.6 views

PT-2025-25683 · Yith · Yith Paypal Express Checkout For Woocommerce

Name of the Vulnerable Software and Affected Versions: YITH PayPal Express Checkout for WooCommerce versions 1.49.0 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions. Recommendations: For YITH PayPal Express Checkout for WooCommer...

4.3CVSS6.5AI score0.0014EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/06/16 11:25 a.m.5 views

WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien Patchstack Alliance in WordPress Plugin YITH PayPal Express Checkout for WooCommerce versions = 1.49.0...

4.3CVSS6.8AI score0.0014EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/16 10:9 a.m.5 views

CVE-2025-5238

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS6AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2025/06/14 10:15 a.m.10 views

CVE-2025-5238

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00244EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/14 9:23 a.m.18 views

CVE-2025-5238 YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The YITH WooCommerce Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00244EPSS
Exploits0References5
CVE
CVE
added 2025/06/14 9:23 a.m.40 views

CVE-2025-5238

CVE-2025-5238 affects the YITH WooCommerce Wishlist plugin for WordPress. The issue is a stored cross-site scripting (XSS) vulnerability in the id parameter present in versions up to and including 4.5.0, caused by insufficient input sanitization and output escaping. Exploitation requires authenti...

6.4CVSS5.7AI score0.00244EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/06/14 12:0 a.m.3 views

WordPress plugin YITH WooCommerce Wishlist 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6.1AI score0.00244EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/14 12:0 a.m.5 views

PT-2025-25485 · WordPress · Yith Woocommerce Wishlist

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Wishlist plugin for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacke...

6.4CVSS5.7AI score0.00244EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.8 views

CVE-2024-7846

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts...

5.4CVSS6AI score0.00313EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:19 a.m.6 views

CVE-2024-32699

Cross-Site Request Forgery CSRF vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare.This issue affects YITH WooCommerce Compare: from n/a through = 2.37.0...

4.3CVSS5.9AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.10 views

CVE-2024-34385

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Wishlist yith-woocommerce-wishlist.This issue affects YITH WooCommerce Wishlist: from n/a through = 3.32.0...

5.9CVSS5.9AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.6 views

CVE-2024-0870

The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savemailstatus' and 'saveemailsettings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to...

5.3CVSS6.7AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.5 views

CVE-2024-35698

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Tab Manager yith-woocommerce-tab-manager.This issue affects YITH WooCommerce Tab Manager: from n/a through = 1.35.0...

5.9CVSS5.9AI score0.00279EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:16 a.m.5 views

CVE-2024-35732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH Custom Login yith-custom-login.This issue affects YITH Custom Login: from n/a through = 1.7.0...

5.9CVSS5.9AI score0.00281EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.9 views

CVE-2024-6799

The YITH Essential Kit for WooCommerce 1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activatemodule', 'deactivatemodule', and 'installmodule' functions in all versions up to, and including, 2.34.0. This makes it possible for...

4.3CVSS6.5AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:19 a.m.8 views

CVE-2024-8665

The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

6.1CVSS6.4AI score0.00466EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:12 a.m.14 views

CVE-2024-35680

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.9.2...

5.3CVSS5.9AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:16 a.m.4 views

CVE-2024-37943

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Ajax Product Filter yith-woocommerce-ajax-navigation.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through = 5.1.0...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:9 a.m.6 views

CVE-2023-46635

Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.2.0...

5.3CVSS7.3AI score0.00343EPSS
Exploits0References1
Rows per page
Query Builder